System and Method for Providing Multi-Location Access Management to Secured Items

Abstract

A system and method for providing access management to secured items through use of a plurality of server machines associated with different locations are disclosed. According to one embodiment, a local server can be dynamically reconfigured depending on a user's current location. Upon detecting that a user has moved to a new location, the local server for the new location can be reconfigured to add support for the user, while simultaneously, the local server for the previous location is reconfigured to remove support for the user. As a result, security is enhanced while the access management can be efficiently carried out to ensure that only one access from the user is permitted at any time across an entire organization, regardless of how many locations the organization has or what access privileges the user may be granted.

Description

CROSS-REFERENCE TO RELATED APPLICATION[0001]This application is a continuation of U.S. patent application Ser. No. 10 / 075,194, filed Feb. 12, 2002, issued as U.S. Pat. No. 8,065,713, on Nov. 22, 2011, which claims the benefits of U.S. Provisional Application No. 60 / 339,634, filed Dec. 12, 2001, and entitled “Pervasive Security Systems,” which is hereby incorporated by reference for all purposes.BACKGROUND OF THE INVENTION[0002]1. Field of the Invention[0003]The present invention relates to the area of protecting data in an enterprise environment, and more particularly, relates processes, systems, architectures and software products for providing pervasive security to digital assets at all times.[0004]2. Description of Related Art[0005]The Internet is the fastest growing telecommunications medium in history. This growth and the easy access it affords have significantly enhanced the opportunity to use advanced information technology for both the public and private sectors. It provides...

AI Technical Summary

Benefits of technology

"The present invention provides a system for securely managing digital assets in enterprise environments. It allows for pervasive security, meaning that digital assets are secured at all times and can only be accessed by authenticated users with proper access rights or privileges. The invention includes a server module that provides access control management for a group of users, software agents, or devices with a need to access secured documents. The server module creates access rules and privileges for users and software agents and manages the access to secured documents. The invention also includes a distributed system of local server computers that operate largely on behalf of a central server responsible for managing the access control. The format of the secured document allows for easy transportation of the document to other locations without losing its security information. The invention also provides an off-line access mechanism for users who need to access secured documents when not connected to a network."

Problems solved by technology

However, the advantages provided by the Internet come with a significantly greater element of risk to the confidentiality and integrity of information.

Without proper security means, an unauthorized person or machine may intercept any information traveling across the Internet and even get access to proprietary information stored in computers that interconnect to the Internet, but are otherwise generally inaccessible by the public.

However, it has been reported that many unauthorized accesses to proprietary information occur from the inside, as opposed to from the outside.

An example of someone gaining unauthorized access from the inside is when restricted or proprietary information is accessed by someone within an organization who is not supposed to do so.

Due to the open nature of the Internet, contractual information, customer data, executive communications, product specifications, and a host of other confidential and proprietary intellectual property remains available and vulnerable to improper access and usage by unauthorized users within or outside a supposedly protected perimeter.

A governmental report from General Accounting Office (GAO) details “significant and pervasive computer security weaknesses at seven organizations within the U.S. Department of Commerce, the widespread computer security weaknesses throughout the organizations have seriously jeopardized the integrity of some of the agency's most sensitive systems.” Further it states: “Using readily available software and common techniques, we demonstrated the ability to penetrate sensitive Commerce systems from both inside Commerce and remotely, such as through the Internet,” and “Individuals, both within and outside Commerce, could gain unauthorized access to these systems and read, copy, modify, and delete sensitive economic, financial, personnel, and confidential business data .

. . ” The report further concludes “[i]ntruders could disrupt the operations of systems that are critical to the mission of the department.”

Unfortunately, these various security means have been proven insufficient to reliably protect proprietary information residing on private networks.

For example, depending on passwords to access sensitive documents from within often causes security breaches when the password of a few characters long is leaked or detected.

Images